libvirt_lxc: SELinux MCS

Hello list,

My name is Matteo, I'm new on this list.
I'm working on a multitenancy platform with Linux containers through libvirt on a production system with Red Hat 6.4.
Every container runs a separate instance of OpenSSH and Apache HTTPd, and I need to give root privileges to the developers, and I am trying to configure SELinux using sVirt and MCS.
I tried the secmodel types dynamic and static in the XML file but it didn't work; I received the following error:

error : virSecurityLabelDefParseXML:3228 : XML error: security label is missing
error : virNetSocketNewConnectUNIX:566 : Failed to connect socket to '/var/run/libvirt/lxc/cntr1.sock': Connection refused

I configured the following secmodel definitions and used chcon on the rootfs directory (created with yum) with the "system_u:object_r:svirt_lxc_file_t:s0:c30,c50" label:

<seclabel type='static' model='selinux' relabel='no'>
   <label>system_u:system_r:svirt_lxc_net_t:s0:c30,c50</label>
</seclabel>

or:

<seclabel type='dynamic' model='selinux' relabel='yes'>
   <label>system_u:system_r:svirt_lxc_net_t:s0:c30,c50</label>
</seclabel>

I tried compiling the latest version from the master branch of git; the result was always the same, and the error was related to the SELinux driver not being enabled.
For the lxc driver, the output from "virsh -c lxc:/// capabilities" doesn't show the secmodel and doi tags for the selinux driver like qemu/kvm has.

How can I enable the SELinux driver for libvirt lxc in Red Hat 6.4?
SELinux is in enforcing mode.

Thanks in advance,
Matteo

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users
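
The two conditions described in the message above (whether the driver's capabilities XML advertises an selinux secmodel, and whether the container's process label and the rootfs file label carry the same MCS categories) can be checked before starting the container. This is an added example, not part of the original post or of libvirt; the function names and the capabilities snippets are constructed, while the seclabel and rootfs label are the ones quoted in the message.

```python
import xml.etree.ElementTree as ET

# Constructed samples: capabilities output without and with a <secmodel> element.
CAPS_WITHOUT = "<capabilities><host><cpu><arch>x86_64</arch></cpu></host></capabilities>"
CAPS_WITH = ("<capabilities><host><secmodel><model>selinux</model>"
             "<doi>0</doi></secmodel></host></capabilities>")
# Domain fragment built around the static seclabel quoted in the message.
DOMAIN = ("<domain type='lxc'><name>cntr1</name>"
          "<seclabel type='static' model='selinux' relabel='no'>"
          "<label>system_u:system_r:svirt_lxc_net_t:s0:c30,c50</label>"
          "</seclabel></domain>")
ROOTFS = "system_u:object_r:svirt_lxc_file_t:s0:c30,c50"

def host_secmodels(caps_xml):
    """Return the security model names listed under <host><secmodel>."""
    root = ET.fromstring(caps_xml)
    return [sm.findtext("model") for sm in root.findall("./host/secmodel")]

def mcs_categories(context):
    """Parse 'user:role:type:sN[:cats]' into (type, set of category numbers)."""
    parts = context.strip().split(":", 3)
    if len(parts) != 4:
        raise ValueError("not a full SELinux context: %r" % context)
    setype, level = parts[2], parts[3]
    cats = set()
    _, _, catspec = level.partition(":")        # assumes a single level, no s0-s0 range
    for item in filter(None, catspec.split(",")):
        lo, _, hi = item.partition(".")         # 'c0.c3' denotes a category range
        cats.update(range(int(lo[1:]), int((hi or lo)[1:]) + 1))
    return setype, cats

def preflight(caps_xml, domain_xml, rootfs_context):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    if "selinux" not in host_secmodels(caps_xml):
        problems.append("driver reports no selinux secmodel")
    seclabel = ET.fromstring(domain_xml).find("./seclabel[@model='selinux']")
    if seclabel is None or not seclabel.findtext("label"):
        return problems + ["domain has no selinux <label>"]
    # Simplification: require identical category sets on process and files.
    if mcs_categories(seclabel.findtext("label"))[1] != mcs_categories(rootfs_context)[1]:
        problems.append("MCS categories differ between process and rootfs")
    return problems

if __name__ == "__main__":
    print(preflight(CAPS_WITHOUT, DOMAIN, ROOTFS))
```

On a real host the first argument would be the text printed by "virsh -c lxc:/// capabilities" and the third the label shown by "ls -dZ" on the rootfs directory.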



